Substantial efforts have been devoted to the prevention of copying of proprietary software. Such efforts have generally failed and it is now accepted that the most effective method for protecting proprietary software is through the vehicle of use protection and not copy protection. Use protection generally involves the encryption of the software and its decryption at the point of use. A classic method used to send digital information securely between a provider and a consumer is via a single key crypto system such as is prescribed in the "Data Encryption Standard" by the National Bureau of Standards. In this process, a single key is used for encryption and decryption, is kept secret and, for added security, is changed frequently. One process for key changing is termed "key chaining" and involves the placing of new keys at agreed upon places within an encrypted data stream. Absolute security of this method relies on the secrecy of, at least, one seed key. Since the data communications channel usually is not physically secure, the seed key is often delivered to the consumer via a physically secure channel, such as a trusted courier. This is not a practical method for high volume environments with many consumers and many types of data streams.
A dual key crypto system using both a public and private key can eliminate the key distribution problem, but requires that the data stream be encrypted with a consumer's unique public key. In such instance, the term "public key" means that its identity is disclosed to the media provider. The term "private key" means that its identity is concealed from the media provider, but may be discovered if the consumer does not exert sufficient efforts to maintain its security. The public and private keys may be a pair of keys as in a true dual key crypto system. Alternatively, assuming a level of trust exists between the provider and consumer, the private key may be the secret key of a single key crypto system and the public key used to identify which secret key is used, without disclosing the actual key. Thus, in order to restrict access to some subset of all consumers and still employ a dual key crypto system, the media provider must send a differently encoded data stream to each consumer, which data stream is then decrypted by the consumer's private key. This procedure is also not practical for high volume environments.
A combination of dual key and single key crypto systems can reduce the above-noted problems. There, media is encrypted by a single master key within a provider's physically secure environment. The master key (hereinafter referred to as Media Master Key or MMK) is then further encrypted using a public key provided by the consumer or a secret key possessed both by the provider and the consumer. The encrypted MMK and is then distributed along with the media or via a separate key request transaction. The consumer then uses its private key to decrypt the MMK. The de-encrypted MMK then enables decrypted of the media in the consumer's secure physical environment.
The above described data security techniques and variations thereof can be found in the following prior art. In U.S. Pat. No. 4,465,901 to Best, a crypto-microprocessor executes an enciphered program by piecemeal deciphering of enciphered instructions, as it needs them. By deciphering small portions of the program only when they are needed, Best avoids the need for storing the entire program in its deciphered form. Various methods of encryption are described, with Best indicating that the microprocessor chip may use a unique cipher key or table for deciphering program instructions so that the program can be executed on one chip and cannot be run on any other microprocessor.
In U.S. Pat. No. 4,558,176 to Arnold et al., media protection is implemented by uniquely enciphering the media for each customer. Furthermore, the Arnold et al. central processing unit is required to switch modes when changing from encrypted software to non-encrypted software. Thus, express instructions must be provided to enable the mode switch and the application programmer must be aware of the mode switch requirements.
U.S. Pat. No. 4,634,807 to Chorley et al. describes an add-on to a host computer which employs a data encryption algorithm and a key that is encrypted using a public key of a public/private key system. The encrypted software module is entered into a software protection device where the private key decodes the data encryption key. Once the decryption is complete, the host computer is enabled to use the decoded software but it does so through an input/output channel which is accessible to the user and is a point at which a decryption attack can be levelled.
U.S. Pat. No. 4,807,288 to Ugon et al. describes a one chip microprocessor for implementing a public/private key encryption function. The chip microprocessor does not execute the data but merely acts as a decoder. The system is thus subject to attack at the input/output port to the microprocessor.
U.S. Pat. No. 4,850,017 to Matyas, Jr. et al. describes a dual key encryption system wherein control values are authenticated and control access to cryptographic keys.
U.S. Pat. No. 4,847,902 to Hampson, describes a computer which selectively decrypts instructions from main memory, using one of a plurality of keys. Instructions are decrypted only during execution when these instructions are transferred from main memory to a cache memory associated with the computer. In the Hampson system, only one key is activated at any one time, and a switch of keys requires a call to a subroutine. Thus, while key switching is enabled, it is accomplished in a manner which must be known to the application programmer and accounted for in the program. Further, there is no indication in Hampson that he addresses both encrypted data and instructions.
U.S. Pat. No. 4,888,798 to Earnest describes computer software that includes both authorized and unauthorized elements. The user may unlock any one or more of the authorized elements by entering corresponding encryption keys, usually a key for each authorized element. In addition, multiple keys are indicated as being utilized to enable access to a de-encrypting key.
In summary, the prior art indicates use of encrypted data, encrypted instructions, the use of encrypted keys to decrypt software, the use of clear keys for decryption purposes and the use of secure processing environments wherein decrypted data is protected. In much of the above prior art, however, user access is allowed to either clear data or clear instructions as they are passed back and forth between a processor and a decrypting processor. Furthermore, in the known prior art, the operating processor is required to operate in different modes when dealing with encrypted and non-encrypted software media. As a result, the application software designer must continually be aware of such modes and invoke them at the proper times.
Accordingly, it is an object of this invention to provide a system for handling encrypted media wherein the system's central processing unit is able to handle both encrypted and non-encrypted data and instructions in a seamless fashion.
It is another object of this invention to provide a system for encrypted and de-encrypted of software media that is integrated into a memory management architecture of a central processing unit.
It is still a further object of this invention to enable a central processing unit to simultaneously access encrypted and non-encrypted instructions and data without the need for explicit mode switch instructions.